CVE-2008-1947

Severity: medium

Description

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

References

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

https://exchange.xforce.ibmcloud.com/vulnerabilities/42816

http://www.vupen.com/english/advisories/2009/3316

http://www.vupen.com/english/advisories/2009/0503

http://www.vupen.com/english/advisories/2009/0320

http://www.vupen.com/english/advisories/2008/2823

http://www.vupen.com/english/advisories/2008/2780

http://www.vupen.com/english/advisories/2008/1725

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vmware.com/security/advisories/VMSA-2009-0002.html

http://www.securitytracker.com/id?1020624

http://www.securityfocus.com/bid/31681

http://www.securityfocus.com/bid/29502

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/archive/1/492958/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2008-0864.html

http://www.redhat.com/support/errata/RHSA-2008-0862.html

http://www.redhat.com/support/errata/RHSA-2008-0648.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:188

http://www.debian.org/security/2008/dsa-1593

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-5.html

http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

http://support.apple.com/kb/HT3216

http://secunia.com/advisories/57126

http://secunia.com/advisories/37460

http://secunia.com/advisories/34013

http://secunia.com/advisories/33999

http://secunia.com/advisories/33797

http://secunia.com/advisories/32266

http://secunia.com/advisories/32222

http://secunia.com/advisories/32120

http://secunia.com/advisories/31891

http://secunia.com/advisories/31865

http://secunia.com/advisories/31639

http://secunia.com/advisories/30967

http://secunia.com/advisories/30592

http://secunia.com/advisories/30500

http://marc.info/?l=tomcat-user&m=121244319501278&w=2

http://marc.info/?l=bugtraq&m=139344343412337&w=2

http://marc.info/?l=bugtraq&m=123376588623823&w=2

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Details

Source: Mitre, NVD

Published: 2008-06-04

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium